You Are Not Over Budget -- You Underestimated

When forces align to underfund IT projects, they guarantee an ugly finish

We all know horror stories of IT projects that run over budget, deliver the wrong result, or simply fail to cross the finish line at all. I bet you've been involved with such projects.

Even if businesses and governments rarely admit it publicly, IT disasters are more common than IT successes, and it's a rare project that actually delivers a great solution on time, within budget.

No single type of project is immune. The victims include software development, hardware upgrades, compliance efforts, security measures, and, in a twisted irony, even audits of other IT projects.

If the failure of these toxic projects weren't bad enough, their failure spreads in a ripple effect -- or a tsunami effect, considering the potential loss -- since late, overbudget projects likely have operational, compliance, and security shortcomings. This creates corrective projects, with their own risks of budget and schedule issues, to address the failures of the original, late, overbudget projects.

Generations of new approaches in project management, years of new technology, and thousands of new project tools have attacked the problem, but the chronic failure to deliver on time and within budget persists.

The problem is so common that nontechnical management has become almost universally skeptical of all IT projects. Many would rather buy a used car from a shady lawyer than commit to another large IT effort. Who can blame them?

So why do IT projects continue to run late and over budget? Why are we apparently powerless to correct a problem we have defined so thoroughly? Are we not learning the right lessons? Is the pace of technology overwhelming our ability to implement it? Are we just stupid?

I suggest that we can't solve this problem because we are trying to solve the wrong problem. Many, if not most, of these failed projects are, in reality, neither over budget nor overdue. It's much more likely that they are underestimated, not only for cost but also for time required.

Before they even start, these projects are destined to fail to meet either budget, time tables, or benchmarks.

The worst part of this problem is that everyone is complicit in this conspiracy of accepting, and contributing to, an appallingly high amount of failure.

Nontechnical management and staff often do not understand the "magic" of IT, so they focus their pressure on two things they do understand: cost and scope.

Many in management dislike the very nature of IT in business -- the seemingly endless demands for funding, like a hungry teenage boy who always wants another pizza. Out of frustration, these managers start drawing the line on cost without due consideration to the lowered odds of success. Or for a given cost, they cram in more requirements -- you know, to "get their money's worth."

Technical professionals are equally responsible and in a lot of different ways. The worst is the often-fatal group-created (and group-reinforced) false optimism. "Sure, we can pull that off!" is the groupthink of an entire industry filled with smart people who seek opportunities to show others how smart they are.

Some others allow their underestimated projects to become bloated because they are genuinely powerless to say no.

Everyone involved is at least sometimes guilty of poorly matching deliverables to realistic cost. If the project budget increases, so does the scope. The odds of delivering successfully drop accordingly, and everyone was a contributor in building a booby trap for themselves and their co-workers alike.

When outsourced bidding is involved, you get a deadly mix of 1) intentional low-ball bidders (win on price, hit them with change fees); 2) inadvertent low-ball bidders (they genuinely don't understand their under-estimated winning bid may put them out of business); and 3) decision makers who are not equipped to evaluate bids using success as a metric.

This problem will only be resolved when IT and non-IT leaders learn to be grown-ups about cost, time, and realistic expectations. To save real time and money requires uncommon professional discipline. In the end, it may be too much to ask of people.

Glenn S. Phillips agrees with Walt Kelly, "We have met the enemy, and he is us." Glenn is the president of Forte' Incorporated where he works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. Glenn is the author of the book Nerd-to-English and you can find him on twitter at @NerdToEnglish.Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

Published: 2015-03-31The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.